]> git.ipfire.org Git - thirdparty/pdns.git/blob - regression-tests.recursor-dnssec/test_ProxyByTable.py
Merge pull request #13927 from rgacogne/fix-fclose-warnings
[thirdparty/pdns.git] / regression-tests.recursor-dnssec / test_ProxyByTable.py
1 import dns
2 import os
3 from recursortests import RecursorTest
4
5 class testProxyByTable(RecursorTest):
6 """
7 This test makes sure that we correctly use the proxy-mapped address during the ACL check
8 """
9 _confdir = 'ProxyByTable'
10
11 _config_template = """dnssec=validate
12 auth-zones=authzone.example=configs/%s/authzone.zone
13 allow-from=3.4.5.0/24
14 """ % _confdir
15
16 _lua_config_file = """
17 addProxyMapping("127.0.0.0/24", "3.4.5.6:99")
18 """
19
20 @classmethod
21 def generateRecursorConfig(cls, confdir):
22 authzonepath = os.path.join(confdir, 'authzone.zone')
23 with open(authzonepath, 'w') as authzone:
24 authzone.write("""$ORIGIN authzone.example.
25 @ 3600 IN SOA {soa}
26 @ 3600 IN A 192.0.2.88
27 """.format(soa=cls._SOA))
28 super(testProxyByTable, cls).generateRecursorConfig(confdir)
29
30
31 def testA(self):
32 expected = dns.rrset.from_text('ns.secure.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.9'.format(prefix=self._PREFIX))
33 query = dns.message.make_query('ns.secure.example', 'A', want_dnssec=True)
34 query.flags |= dns.flags.AD
35
36 for method in ("sendUDPQuery", "sendTCPQuery"):
37 sender = getattr(self, method)
38 res = sender(query)
39
40 self.assertMessageIsAuthenticated(res)
41 self.assertRRsetInAnswer(res, expected)
42 self.assertMatchingRRSIGInAnswer(res, expected)
43
44